v4.0.0

@awlayton awlayton released this 05 Oct 18:51
· 11 commits to main since this release
4a87c5f

4.0.0 — 2025-10-05

🛡️ Security

  • update vulnerable dependencies to pino:8.6.0 fastify:4.6.0 fastify-graceful-shutdown:3.3.0 find-my-way:7.1.0 light-my-request:5.6.1 got:12.5.0 — (93b765c)
  • update vulnerable dependencies to kafkajs:2.2.1 chalk:5.1.2 express:4.18.2 got:12.5.2 minimist:1.2.7 fastify:4.8.1 find-my-way:7.3.1 — (d209ee6)
  • update vulnerable dependencies to kafkajs:2.2.2 fastify-plugin:4.3.0 pino:8.7.0 @fastify/helmet:10.0.2 cacache:17.0.1 randomstring:1.2.3 @oada/client:4.4.1 — (565a102)
  • security updates to k8s-wait-for — (4ecab1e)
  • update vulnerable dependencies to arangojs:8.0.0 deep-equal:2.1.0 tslib:2.4.1 @fastify/cors:8.1.1 @fastify/request-context:4.1.0 @fastify/websocket:7.1.1 cacache:17.0.2 — (4b166ec)
  • update vulnerable dependencies to dezalgo:1.0.4 formidable:2.1.2 — (12b0bf7)
  • update vulnerable dependencies to cookiejar:2.1.4 http-cache-semantics:4.1.1 node-jose:2.2.0 — (7f2f34f)
  • update vulnerable dependencies to arangojs:8.4.1 flat:6.0.0 tslib:2.6.2 yaml:2.3.2 uuid:9.0.1 fastify-plugin:4.5.1 pino:8.15.1 pino-pretty:10.2.0 typescript:5.2.2 @fastify/helmet:11.1.1 @fastify/rate-limit:8.0.3 @fastify/secure-session:7.1.0 @fastify/sensible:5.3.0 @fastify/static:6.11.2 @fastify/view:8.1.0 @oada/types:3.5.3 es-main:1.3.0 fastify-graceful-shutdown:3.5.1 jose:4.14.6 @oada/formats-server:3.5.3 cacache:18.0.0 light-my-request:5.11.0 p-queue:7.4.1 — (565b7c3)
  • update vulnerable dependencies to semver:5.7.2 tough-cookie:4.1.3 — (b686b1e)
  • upgrade pino-pretty from 10.2.2 to 10.2.3 — (851ab1f)
  • update vulnerable dependencies to yaml:2.4.0 fastify:4.26.2 light-my-request:5.11.0 — (8270e68)
  • OADA/services/auth/package.json to reduce vulnerabilities — (4264eb8)
  • update vulnerable dependencies to braces:3.0.3 fill-range:7.1.1 tar:6.2.1 — (8d1c669)
  • update vulnerable dependencies to yaml:2.6.1 nstats:6.0.1 cross-spawn:7.0.5 @oada/client:5.2.6 — (7c5fdc2)
  • update vulnerable dependencies to jsonpath-plus:10.3.0 undici:6.21.1 — (0b026d4)
  • update vulnerable dependencies to @babel/runtime:7.26.10 axios:1.8.3 — (befc658)
  • update vulnerable dependencies dotenv:16.5.0 yaml:2.7.1 @fastify/cors:11.0.1 @fastify/jwt:9.1.0 @fastify/view:11.0.0 fastify:5.2.2 ioredis:5.6.1 fastify-jwt-jwks:2.0.1 type-is:2.0.1 got:14.4.7 — (c32164b)
  • update vulnerable dependencies to @lukeed/ms:2.0.2 fast-jwt:5.0.6 mnemonist:0.40.3 obliterator:2.0.4 — (7cc4274)
  • update vulnerable dependencies to pino-caller:4.0.0 superagent:10.0.0 @fastify/request-context:6.2.0 @fastify/secure-session:8.2.0 fastify:5.3.2 fastify-jwt-jwks:2.0.2 — (610a1f6)
  • update vulnerable dependencies to debug:4.4.1 yaml:2.8.0 @fastify/view:11.1.0 fastify:5.3.3 jose:6.0.11 — (09ef68c)
  • update vulnerable dependencies to brace-expansion:1.1.12 brace-expansion:2.0.2 — (3e32c04)
  • update vulnerable dependency form-data:4.0.4 — (9830503)
  • non-security non-breaking dependency updates — (6a10283)

🚀 Features

  • stability improvements — (350b113)

OpenID Connect

  • add debug level logging of discovery results — (5090643)

ArangoDB

  • update arangojs and token CLI — (dd1c477)

Auth

  • automatic bcrypt salt generation — (a0b0465)
  • switch logging to pino — (1b6af25)
  • rewrite/update auth server for PKCE support — (c340eaa)
  • improve crypto key/code handling/generation — (8e2a588)
  • implement PKCE checks per rfc7636 — (b2e5d6c)
  • start of support for external oauth/OpenID Connect providers — (af6babd)
  • can authenticate w/ Auth0 using OpenID Connect — (9dccd9b)
  • more progress towards full auth0/OpenID Connect support — (171430d)
  • retrieve user via oauth/OpenID Connect id_token — (684adfe)
  • [breaking] update token cli for OpenID Connect — (692705e)
  • decouple storage of tokens/users/codes — (1c0d113)

Config

  • add logging support to lib-config — (e5da2e3)

Helm

  • add basic grafana dashboards for OADA — (c93c847)
  • update chart for ASK compat — (bea26c9)
  • [breaking] somewhat major rework of OADA chart — (3e17154)
  • support upgrading chart releases — (651b22e)
  • simple support for microservices — (bec2266)
  • add support for new rate-limit feature — (75b16ab)
  • update chart for OADA v4 — (853cb3e)
  • new OADA chart version — (fb6d431)
  • better OpenShift compatibility — (6bb7c2e)

HTTP

  • add optional rate-limiting to HTTP-handler — (81d3dc3)
  • ignore x-OADA-ensure-link when meaningless — (dca7813)

Import

  • add ArangoDB import command — (ca8e26c)
  • trace log import improvements — (bf2165b)
  • add batching support — (7f58c68)
  • smaller default batches — (d5563bb)

Kafka

  • automatically create topics on startup if able — (815ad50)

Lib-prom

  • export metrics server and add README — (4687a30)
  • pseudo metric support — (aecff85)

Logging

  • improved pino/Loki support — (7f26568)

Logs

  • improve HTTP request id logging — (5ebf796)

Metrics

  • ServiceMonitors for ArangoDB/Redpanda — (664cf5e)

Pino-debug

  • update to esm — (a68d136)
  • export Logger type, make use of options.base — (6dafb32)

Rate-limit

  • add support for RateLimit header fields draft — (ba05516)

Well-known

  • more robust OpenID Connect config endpoints — (a440d47)

⚙️ Continuous Integration

  • update to yarn 3.5.0 and typescript 5.0.2 — (5e25cff)

Auth

  • remove unused dependencies @oada/id-client got p-lazy — (77ac6f5)

Changelog

  • release changes workflow — (769fdac)

Changes

Codeowners

  • downgrade action due to bug — (a38bb8e)

Dependencies

  • bump azure/setup-helm from 3.1 to 3.3 — (b49cf2c)
  • bump to @oada/types:3.1.2 @types/node:18.6.3 type-fest:2.18.0 p-queue:7.3.0 — (2e8fb41)
  • bump booxmedialtd/ws-action-parse-semver — (6ffec55)
  • bump docker/build-push-action from 3.1.0 to 3.1.1 — (5342bfe)
  • bump to @types/node:18.7.17 typescript:4.8.3 find-my-way:7.1.0 light-my-request:5.6.0 — (d496c7d)
  • bump actions/checkout from 2 to 3 — (fa4a012)
  • bump helm/chart-releaser-action from 1.4.0 to 1.4.1 — (79d828f)
  • bump docker/login-action from 2.0.0 to 2.1.0 — (ac53bca)
  • bump docker/setup-qemu-action from 2.0.0 to 2.1.0 — (0018557)
  • bump docker/setup-buildx-action from 2.0.0 to 2.1.0 — (17c6d67)
  • bump docker/build-push-action from 3.1.1 to 3.2.0 — (da42d71)
  • bump docker/setup-buildx-action from 2.1.0 to 2.2.1 — (8fcf671)
  • bump azure/setup-helm from 3.3 to 3.4 — (c3dac5b)
  • bump booxmedialtd/ws-action-parse-semver — (33b94b9)
  • bump to @fastify/cors:8.2.0 eslint-config-xo:0.43.1 — (2fc2872)
  • bump to got:12.5.3 fastify:4.10.0 ajv:8.11.2 @oada/client:4.5.0 — (3b8cb86)
  • bump helm/chart-releaser-action from 1.4.1 to 1.5.0 — (da475da)
  • bump azure/setup-helm from 3.4 to 3.5 — (21567cf)
  • bump docker/build-push-action from 3.2.0 to 3.3.0 — (b526209)
  • bump booxmedialtd/ws-action-parse-semver — (a17b1b9)
  • bump dependencies to tslib:2.5.0 type-fest:3.5.3 jwt-bearer-client-auth:2.0.3 fastify:4.12.0 — (9551812)
  • bump docker/build-push-action from 3.3.0 to 4.0.0 — (01b7159)
  • bump docker/setup-buildx-action from 2.2.1 to 2.4.0 — (138fdf9)
  • bump docker/setup-buildx-action from 2.4.0 to 2.4.1 — (3bfc5c3)
  • bump docker/setup-buildx-action from 2.4.1 to 2.5.0 — (372e8f1)
  • bump dependencies to type-fest:3.6.1 kafkajs:2.2.4 prom-client:14.2.0 pino:8.11.0 pino-caller:3.4.0 pino-pretty:10.0.0 @oada/types:3.4.3 body-parser:1.20.2 ejs:3.1.9 got:12.6.0 @fastify/cors:8.2.1 @fastify/websocket:7.1.3 @oada/formats-server:3.4.3 fastify:4.14.1 find-my-way:7.6.0 — (7cdb82b)
  • bump dependencies to @oada/types:3.4.5 @oada/formats-server:3.4.5 — (4ad589b)
  • bump docker/setup-buildx-action from 2.5.0 to 2.7.0 — (8e7d0d1)
  • bump docker/build-push-action from 4.0.0 to 4.1.1 — (7e8629b)
  • bump docker/login-action from 2.1.0 to 2.2.0 — (205a414)
  • bump docker/setup-qemu-action from 2.1.0 to 2.2.0 — (bcf4437)
  • bump docker/setup-buildx-action from 2.7.0 to 2.8.0 — (769af62)
  • bump dependencies to tslib:2.6.0 dotenv:16.3.1 pino-pretty:10.0.1 typescript:5.1.6 @fastify/helmet:11.0.0 @fastify/view:8.0.0 chalk:5.3.0 fastify:4.19.2 @oada/client:4.5.4 — (b2e6f86)
  • bump docker/setup-buildx-action from 2.8.0 to 2.9.1 — (97737fc)
  • bump docker/build-push-action from 4.1.1 to 5.0.0 — (ee32ede)
  • bump docker/login-action from 2.2.0 to 3.0.0 — (eedd6f3)
  • bump docker/setup-buildx-action from 2.9.1 to 3.0.0 — (f70c118)
  • bump docker/metadata-action from 4 to 5 — (f420c9d)
  • bump actions/checkout from 3 to 4 — (382a921)
  • bump docker/setup-qemu-action from 2.2.0 to 3.0.0 — (b791802)
  • bump actions/checkout from 3 to 4 — (9a96f03)
  • bump helm/chart-releaser-action from 1.5.0 to 1.6.0 — (7ba8d14)
  • bump docker/build-push-action from 5.0.0 to 5.1.0 — (ae29a88)
  • bump github/codeql-action from 2 to 3 — (e578054)
  • bump actions/cache from 3 to 4 — (16da68b)
  • bump docker/setup-buildx-action from 3.0.0 to 3.1.0 — (e9a49d1)
  • bump docker/build-push-action from 5.1.0 to 5.3.0 — (c86ad0d)
  • bump docker/setup-buildx-action from 3.1.0 to 3.2.0 — (1c0a48f)
  • bump docker/login-action from 3.0.0 to 3.1.0 — (05060ce)
  • bump azure/setup-helm from 3.5 to 4 — (053c71b)
  • bump docker/setup-buildx-action from 3.2.0 to 3.3.0 — (3b2491b)
  • bump @fastify/secure-session from 7.1.0 to 7.3.0 in /OADA — (d0e915a)
  • bump docker/login-action from 3.1.0 to 3.2.0 — (7c95ca1)
  • bump docker/build-push-action from 5.3.0 to 6.2.0 — (67e3417)
  • bump docker/setup-buildx-action from 3.3.0 to 3.4.0 — (1d67aa2)
  • bump docker/build-push-action from 6.2.0 to 6.3.0 — (0f17aae)
  • bump docker/setup-qemu-action from 3.0.0 to 3.1.0 — (6d910c5)
  • bump docker/build-push-action from 6.3.0 to 6.4.0 — (1ccfabd)
  • bump docker/build-push-action from 6.4.0 to 6.4.1 — (8093946)
  • bump docker/build-push-action from 6.4.1 to 6.5.0 — (c0ae041)
  • bump docker/setup-buildx-action from 3.4.0 to 3.5.0 — (94db930)
  • bump docker/setup-qemu-action from 3.1.0 to 3.2.0 — (31e202d)
  • bump docker/login-action from 3.2.0 to 3.3.0 — (ba532e6)
  • bump docker/setup-buildx-action from 3.5.0 to 3.6.1 — (e6fdbce)
  • bump docker/build-push-action from 6.5.0 to 6.6.1 — (54e9e53)
  • bump docker/build-push-action from 6.6.1 to 6.7.0 — (dc126e5)
  • bump docker/setup-buildx-action from 3.6.1 to 3.7.1 — (718df4f)
  • bump docker/build-push-action from 6.7.0 to 6.9.0 — (0ae0e76)
  • upgrade to fastify-jwt-jwks 2.0.0 — (48b1409)
  • update to jsonpath-plus 10.0.0 — (80ecdf1)
  • update @oada/client to 5.2.3 — (1005f6d)
  • bump the npm_and_yarn group across 2 directories with 3 updates — (422c4ff)
  • bump docker/build-push-action from 6.9.0 to 6.10.0 — (479e172)
  • bump dependencies to arangojs:9.2.0 debug:4.4.0 dotenv:16.4.7 pino-loki:2.4.0 got:14.4.5 openid-client:5.7.1 @fastify/accepts:5.0.2 @fastify/helmet:13.0.0 — (ba5fb73)
  • bump docker/setup-buildx-action from 3.7.1 to 3.8.0 — (8d03c27)
  • bump docker/setup-qemu-action from 3.2.0 to 3.3.0 — (3026d1b)
  • bump docker/build-push-action from 6.10.0 to 6.11.0 — (be88158)
  • bump docker/build-push-action from 6.11.0 to 6.12.0 — (c3f5a10)
  • bump helm/chart-releaser-action from 1.6.0 to 1.7.0 — (b634dcc)
  • bump docker/build-push-action from 6.12.0 to 6.13.0 — (2d9cd2a)
  • bump docker/setup-qemu-action from 3.3.0 to 3.4.0 — (72bad32)
  • bump docker/setup-buildx-action from 3.8.0 to 3.9.0 — (3af3547)
  • bump docker/build-push-action from 6.13.0 to 6.14.0 — (36a34fc)
  • bump docker/setup-qemu-action from 3.4.0 to 3.6.0 — (c159e97)
  • bump docker/build-push-action from 6.14.0 to 6.15.0 — (d8da2b5)
  • bump docker/setup-buildx-action from 3.9.0 to 3.10.0 — (73151a8)
  • bump docker/login-action from 3.3.0 to 3.4.0 — (0330875)
  • remove unused dependency @oada/formats — (07c713b)
  • bump docker/build-push-action from 6.15.0 to 6.16.0 — (5648b70)
  • bump docker/build-push-action from 6.16.0 to 6.17.0 — (e3099a6)
  • bump docker/build-push-action from 6.17.0 to 6.18.0 — (2c05cc2)
  • bump dependencies to pino:9.7.0 pino-loki:2.6.0 @fastify/rate-limit:10.3.0 @fastify/static:8.2.0 fastify:5.4.0 @fastify/websocket:11.1.0 allow-methods:7.1.0 — (15a71fe)
  • bump docker/setup-buildx-action from 3.10.0 to 3.11.1 — (22da4b9)
  • bump docker/login-action from 3.4.0 to 3.5.0 — (1aeb5a9)
  • bump actions/checkout from 4 to 5 — (78cc78c)
  • bump docker/login-action from 3.5.0 to 3.6.0 — (a1c8bda)

Dev-dependencies

  • bump to eslint:8.21.0 typescript-eslint:5.32.0 — (7411f13)

Github

Helm

Release

Semgrep

Workflows

Yarn

🐛 Bug Fixes

  • memory leak — (1b0a635)
  • fix pino-caller peerDependencies — (6ac59ac)

Dockerfile

  • add libc6-compat for sodium — (40dc1dc)

ArangoDB

  • handle changes from new arangojs version — (91f99d4)
  • JSON typo — (f74449c)
  • more JSON typos — (4059c3c)

Auth

  • don't use debug messages for CLI — (f3fdc83)
  • fix client_id in token creation — (4866211)
  • OpenID Connect issuer typos — (d698548)
  • improved OpenID Connect issuer support — (6c20e12)
  • properly initialize "new" OpenID Connect users — (6328734)
  • support both OpenID Connect jwt and/or local uuids — (b69c36a)
  • tweak Authorization model — (9a869cc)
  • user lookup for legacy tokens — (88f2ee1)
  • local/OpenID Connect user compatibility fixes — (d08374e)
  • fix server hang at start — (143db4d)
  • oauth device code flow fixes — (d993370)

Dockerfile

  • add missing corepack line — (7d43256)
  • use corepack yarn during image build — (fb04f31)
  • fix corepack yarn install — (0d57194)
  • better corepack install — (500791c)

Headers

  • don't send content-location on 4xx — (5490a56)

Helm

  • use valid tag name — (2966bc8)
  • fix config for external services — (fed78be)
  • remove unfisk from default services — (6060b88)
  • persist auth keys in k8s secret — (13f0aab)
  • correct values schema — (d96e493)
  • fix upgrade errors with pvcs — (c3e5575)
  • qualify svc dns for auth — (b38d214)
  • disable broken probes — (7d433c6)

HTTP

  • handle changes to fastify content parsers — (a85e2ff)

Import

  • add options for handling conflicts — (153c95e)
  • fix counting of collection docs — (c6317ea)
  • another fix for import count — (a944690)
  • fix batching logic — (8eda6a9)
  • stop batch cursor from timing out — (12132a1)
  • change cursor ttl — (c22e934)
  • do not error if cursor kill fails — (b6bdd15)

Lib-prom

  • fix PseudoMetric types — (87fec97)
  • fix missing nstats peer dependency — (d0e3d2f)

Node

  • set NODE_OPTIONS for better exception handling — (2bfeedc)

Permissions

  • skip scope check for non-existent resources — (a6d3b15)

Pino

  • fix PINO_LEVEL option — (7bd9203)
  • better Loki support — (467c80b)

Rate-limit

  • fix read/write rate separation — (bb9651b)
  • let plugin handle parsing the time window config — (e058aa6)
  • disable bugged 429 retry-after header — (2eac1d3)
  • correct Retry-After header — (3a49b98)

Tracing

  • fix handling of x-request-id header — (c098b96)

WebSockets

  • better backwards compat hack — (4bd3f7c)

Websockets

  • maintain backwards compatibility of client — (ff2c3e9)
  • remove bad optimization check — (0f3ad08)

Well-known

  • add missing dependencies — (9b53b58)
  • fix OADA-configuration redirects — (153f4b0)

⚡ Performance

Websockets

  • streamline websocket handling — (9616945)

📚 Documentation

CODEOWNERS

  • remove deleted k8s dir — (d75be80)

Changes

  • tweak git-cliff config — (b5f4708)

Lib-prom

  • add npm badge to README — (e617a1a)

Pino-debug

🚜 Refactor

  • refactor internal libs — (7774c80)

Auth

  • refactor oauth2/openid server code — (25add3c)

Dependencies

  • replace clone-deep w/ structuredClone builtin — (b6502d3)

Well-known

  • fastify & prom metrics — (c6cc9a5)

🎨 Styling

Auth

Biomejs

  • update biomejs config — (9af4ffc)

Eslint

🧪 Testing

Dependencies

  • remove vulnerable dependencies in tests — (748658f)

⚙️ Miscellaneous Tasks

Auth

  • remove old dev signing key — (c786ce5)

Cleanup

  • remove old k8s files — (50707c3)

Helm

  • bump helm chart version — (5d63c44)
  • update chart application version — (b79b943)

Release

Yarn